Overview

overview

10

Static

static

PROFORMA F...df.exe

windows7-x64

7

PROFORMA F...df.exe

windows10-2004-x64

10

Analysis

  • max time kernel
    91s
  • max time network
    126s
  • platform
    windows10-2004_x64
  • resource
    win10v2004-20220901-en
  • resource tags

    arch:x64arch:x86image:win10v2004-20220901-enlocale:en-usos:windows10-2004-x64system
  • submitted
    21-12-2022 09:13

Sharing

Copy URL
Twitter E-mail
Report Analysis Logs

General

  • Target

    PROFORMA FATURA. Purchase Order. CINVPO202211120000023101.pdf.exe

  • Size

    513KB

  • MD5

    a52478e75fbb20e4d0c2de385db1b3ce

  • SHA1

    ed9a76bd4c286c2b7ffa7b0bf5b66db2a1eb1088

  • SHA256

    88784edc4183537c005102816de40a74499b1261a416eb02fcf1dbcc634b349b

  • SHA512

    d2e0abab3c5bc436f2131d231761ba2539a9280781b3fa7eeac3f6a4a8c9d38c7d5d0ccdea952c5c2fe91e0803467eef1a583defedf7e7efd4d561d5d2d31d1c

  • SSDEEP

    12288:L3LuHzF7bje6/+3lRe+Q3JRtB1Ir/YJGPm030VDbHQ:WTF7PK3lRe+W5D8/YguHQ

Score
10/10
guloaderdownloader

Malware Config

Signatures

  • Guloader,Cloudeye

    A shellcode based downloader first seen in 2020.

    downloaderguloader
  • Loads dropped DLL 1 IoCs
  • Enumerates physical storage devices 1 TTPs

    Attempts to interact with connected storage/optical drive(s). Likely ransomware behaviour.

Processes

  • C:\Users\Admin\AppData\Local\Temp\PROFORMA FATURA. Purchase Order. CINVPO202211120000023101.pdf.exe
    "C:\Users\Admin\AppData\Local\Temp\PROFORMA FATURA. Purchase Order. CINVPO202211120000023101.pdf.exe"
    1⤵
    • Loads dropped DLL
    PID:4904

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Privilege Escalation

Defense Evasion

Credential Access

Discovery

System Information Discovery

1
T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

  • C:\Users\Admin\AppData\Local\Temp\nsgBD4B.tmp\System.dll
    Filesize

    11KB

    MD5

    8b3830b9dbf87f84ddd3b26645fed3a0

    SHA1

    223bef1f19e644a610a0877d01eadc9e28299509

    SHA256

    f004c568d305cd95edbd704166fcd2849d395b595dff814bcc2012693527ac37

    SHA512

    d13cfd98db5ca8dc9c15723eee0e7454975078a776bce26247228be4603a0217e166058ebadc68090afe988862b7514cb8cb84de13b3de35737412a6f0a8ac03

    Download Submit
  • memory/4904-133-0x0000000002A60000-0x0000000002B3B000-memory.dmp
    Filesize

    876KB

    Download
  • memory/4904-134-0x0000000002A60000-0x0000000002B3B000-memory.dmp
    Filesize

    876KB

    Download